7211 matches found
ImpressCMS 1.4.2 SQL Injection Vulnerability
--------------------------------------------------------------- ImpressCMS getUserCountByGroupLink@$POST"groups", $criteria; 282. 283. $validsort = array"uname", "email", "lastlogin", "userregdate", "posts"; 284. $sort = !inarray$POST'usersort', $validsort ? "uname" : $POST'usersort'; 285. $order...
Ad Injection <= 1.2.0.19 - Admin+ Stored Cross-Site Scripting & RCE
The plugin does not properly sanitize the body of the adverts injected into the pages, allowing a high privileged user Admin+ to inject arbitrary HTML or javascript even with unfilteredhtml disallowed, leading to a stored cross-site scripting XSS vulnerability. Further it is also possible to inje...
MyBB 1.2.0 - 1.8.29 RCE Vulnerability (GHSA-876v-gwgh-w57f)
MyBB is prone to a remote code execution RCE vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mybb:mybb";...
CVE-2022-24652
sentcms 4.0.x allows remote attackers to cause arbitrary file uploads through an unauthorized file upload interface, resulting in php code execution in /admin/upload/upload...
CVE-2022-24652
sentcms 4.0.x allows remote attackers to cause arbitrary file uploads through an unauthorized file upload interface, resulting in php code execution in /admin/upload/upload...
CVE-2022-24651
sentcms 4.0.x allows remote attackers to cause arbitrary file uploads through an unauthorized file upload interface, resulting in PHP code execution through /user/upload/upload...
CVE-2022-24651
sentcms 4.0.x allows remote attackers to cause arbitrary file uploads through an unauthorized file upload interface, resulting in PHP code execution through /user/upload/upload...
Privilege escalation
sentcms 4.0.x allows remote attackers to cause arbitrary file uploads through an unauthorized file upload interface, resulting in PHP code execution through /user/upload/upload...
CVE-2022-24652
CVE-2022-24652 affects SentCMS 4.0.x. The vulnerability stems from a lack of validation of uploaded files in the unauthorized file upload interface at /admin/upload/upload, enabling remote attackers to upload arbitrary files and achieve PHP code execution. The NVD reports a high-severity impact (...
CVE-2022-24652
sentcms 4.0.x allows remote attackers to cause arbitrary file uploads through an unauthorized file upload interface, resulting in php code execution in /admin/upload/upload...
CVE-2022-24651
CVE-2022-24651 affects SentCMS 4.0.x. The vulnerability allows remote attackers to upload arbitrary files via an unauthorized upload interface at /user/upload/upload, enabling PHP code execution. Multiple sources corroborate that the issue stems from lack of validation of uploaded files. No patch...
CVE-2022-24651
sentcms 4.0.x allows remote attackers to cause arbitrary file uploads through an unauthorized file upload interface, resulting in PHP code execution through /user/upload/upload...
CVE-2022-24734 Remote code execution in mybb
MyBB is a free and open source forum software. In affected versions the Admin CP's Settings management module does not validate setting types correctly on insertion and update, making it possible to add settings of supported type php with PHP code, executed on on Change Settings pages. This resul...
CVE-2022-25016
Home Owners Collection Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via the component /studentattendance/index.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file...
CVE-2022-25018
Pluxml v5.8.7 was discovered to allow attackers to execute arbitrary code via crafted PHP code inserted into static pages...
CVE-2022-25018
Pluxml v5.8.7 was discovered to allow attackers to execute arbitrary code via crafted PHP code inserted into static pages...
CVE-2022-25018
Pluxml v5.8.7 was discovered to allow attackers to execute arbitrary code via crafted PHP code inserted into static pages...
CVE-2022-25018
Pluxml v5.8.7 was discovered to allow attackers to execute arbitrary code via crafted PHP code inserted into static pages...
CVE-2022-25018
Removed by vendor...
CVE-2021-44967
A Remote Code Execution RCE vulnerabilty exists in LimeSurvey 5.2.4 via the upload and install plugins function, which could let a remote malicious user upload an arbitrary PHP code file. NOTE: the Supplier's position is that plugins intentionally can contain arbitrary PHP code, and can only be...